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I claim: 

1 . A method of establishing a TCP/IP cofmection between a client and a 
server such that the server may better withstand a SffN flood attack, the method 
comprising: 

receiving a TCP SYN packet requestin^the formation of a TCP/IP connection 
from a client, the TCP SYN including a source IP address of the client; 

allocating a small TCP control bloc^ (TCB) to service a TCP/IP three-way 
handshake; and 

transmitting a TCP-ACK to the^IP address of the client. 
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2. The method of claim 1 , further comprising: 

receiving an ACK from the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishnient of a TCP connection; and 

thereafter notifying a socket layer of the TCP connection. 



3 . The method of claim 2, further comprising caching route information for 



the client performed after receiving the ACK from the client. 



20 4. The niethod of claim 3 , further comprising allocating a full TCB to service 

the TCP connection after receiving the ACK from the client. 



5. The method of claim |, further comprising allocating a full TCB to service 
the TCP connection after receiving the ACK from the client 



6. The method of clainyl, further comprising: 

5 receiving an ACK from the /client in response to the TCP- ACK, the receipt of the 

ACK completing an establishmenuof a TCP connection; and 
thereafter caching route information for the client. 

7. The method of claim 6, further comprising notifying a socket layer of the 
1 0 TCP connection performed after receiving the ACK from the client. 

8. The method of claim 1, wherein the step of allocating a small TCP control 
block (TCB) to service a TCMP three-vs^ay handshake comprises allocating a small TCB 
of size sufficient only to service the TCP/IP three-v^ay handshake. 
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9. The method/of claim 1, wherein the step of allocating a small TCP control 
block (TCB) to service a TCP/IP three-way handshake comprises allocating a small TCB 
of size insufficient to service the TCP connection. 



20 10. The met|iod of claim 1 , further comprising: 

receiving an A^K from the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; and 

thereafter allocating a full TCB to service the TCP connection. 
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11. A method of enhancing a server's jbility to withstand a SYN flood attack, 
the method comprising: 

receiving a TCP SYN packet requesting/ the formation of a TCP/IP connection 
5 from a client having a source IP address; 

transmitting a SYN-ACK to the clierft at the source IP address; 
av^aiting receipt of an ACK from the client at the source IP address; and 
thereafter notifying a socket layeryof the TCPylP connection. 

□ / 

fi 1 0 12, The method of claim 1 fiirther comprising caching route information for 

y the client after receipt of the ACK from the client. 

¥^ I 

13. The method of claim 12, fiirther comprising allocating a small TCP 
5J control block (TCB) after receiving the TCP SYN. 
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14. The methoa of claim 13, fiirther comprising allocating a fiill size TCB 
after receiving the ACK/Brom the client. 



1 5. A me^ftiod of enhancing a server's ability to withstand a SYN flood attack, 
20 the method comprising: 

receiving/a TCP SYN packet requesting a TCP/IP connection from a client; 
allocating a small TCP control block (TCB) of size sufficient only to service the 
TCP/IP connection request; 
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transmitting a S YN-ACK tc 



the client; 

delaying a notification of tl|^ TCP/IP connection request to a socket layer until an 
ACK is received from the client; and 

delaying a caching of rout^ information for the client until the ACK is received 
from the client. 
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1 6. The method of iclaim 1 5, further comprising: 

receiving the ACK from the client; and thereafter 

allocating a TCB of size sufficient to service the TCP/IP connection; 

notifying the socket/ layer of the TCP/IP connection; and 

caching route infoimation for the client. 
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1 7. A method/of enhancing a server's ability to v^ithstand a S YN flood attack, 
the method comprising: j 

receiving a TCP S YN from a supposed client to establish a TCP connection; 
transmitting a/S YN-ACK to the supposed client; and 
only upon ana if receipt of an ACK from the supposed client: 

1) caching route information for the supposed client; and 

2) nptifying a socket layer of the TCP coimection. 

18. The method of claim 17, further comprising allocating upon receipt of the 
TCP SYN a sirikll TCP control block (TCB). 



1 9. The method of claim 1 8, vmevem the small TCB is of size sufficient to 
service an establishment of a TCP comiection and insufficient to service an actual TCP 
connection. / 



5 . 20. The methpd of claim 1 8, further comprising, only upon and if receipt of an 

ACK fi-om the suppled client, allocating a TCB of size sufficient to service the actual 
TCP connectior 
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